/** @return user id */
static function byUsername($name)
{
$user = User::getByName($name);
if ($user && $user->id) {
return $user->id;
}
return false;
}
/**
* 登录
* @param string $username 用户名
* @param string $password 密码
*/
public static function Login($username, $password)
{
$user = new User();
$ret = $user->getByName($username);
if (!$ret) {
return '用户名不存在!';
}
if ($ret['password'] != md5($password)) {
return '密码错误!';
}
$user->update(array('last_login' => time()), $ret);
return self::WriteCookie($ret['id'], $ret['username'], $ret['type']);
}
public function loginAction()
{
$userInactive = false;
try {
$user = User::getByName($this->_getParam("username"));
if ($user instanceof User) {
if ($user->isActive()) {
$authenticated = false;
if ($user->getPassword() == Pimcore_Tool_Authentication::getPasswordHash($this->_getParam("username"), $this->_getParam("password"))) {
$authenticated = true;
} else {
if ($this->_getParam("token") and Pimcore_Tool_Authentication::tokenAuthentication($this->_getParam("username"), $this->_getParam("token"), MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB, false)) {
$authenticated = true;
// save the information to session when the user want's to reset the password
// this is because otherwise the old password is required => see also PIMCORE-1468
if ($this->_getParam("reset")) {
$adminSession = Pimcore_Tool_Authentication::getSession();
$adminSession->password_reset = true;
}
} else {
throw new Exception("User and Password doesn't match");
}
}
if ($authenticated) {
$adminSession = Pimcore_Tool_Authentication::getSession();
$adminSession->user = $user;
Zend_Session::regenerateId();
}
} else {
$userInactive = true;
throw new Exception("User is inactive");
}
} else {
throw new Exception("User doesn't exist");
}
} catch (Exception $e) {
//see if module or plugin authenticates user
$user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($this->_getParam("username"), $this->_getParam("password"));
if ($user instanceof User) {
$adminSession = Pimcore_Tool_Authentication::getSession();
$adminSession->user = $user;
$this->_redirect("/admin/?_dc=" . time());
} else {
$this->writeLogFile($this->_getParam("username"), $e->getMessage());
Logger::info("Login Exception" . $e);
$this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
exit;
}
}
$this->_redirect("/admin/?_dc=" . time());
}
public function loginAction()
{
$userInactive = false;
try {
$user = User::getByName($this->_getParam("username"));
if ($user instanceof User) {
if ($user->isActive()) {
$authenticated = false;
if ($user->getPassword() == Pimcore_Tool_Authentication::getPasswordHash($this->_getParam("username"), $this->_getParam("password"))) {
$authenticated = true;
} else {
if ($this->_getParam("token") and Pimcore_Tool_Authentication::tokenAuthentication($this->_getParam("username"), $this->_getParam("token"), MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB, false)) {
$authenticated = true;
} else {
throw new Exception("User and Password doesn't match");
}
}
if ($authenticated) {
$adminSession = new Zend_Session_Namespace("pimcore_admin");
$adminSession->user = $user;
$adminSession->frozenuser = $user->getAsFrozen();
}
} else {
$userInactive = true;
throw new Exception("User is inactive");
}
} else {
throw new Exception("User doesn't exist");
}
} catch (Exception $e) {
//see if module ore plugin authenticates user
$user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($this->_getParam("username"), $this->_getParam("password"));
if ($user instanceof User) {
$adminSession = new Zend_Session_Namespace("pimcore_admin");
$adminSession->user = $user;
$adminSession->frozenuser = $user->getAsFrozen();
$this->_redirect("/admin/?_dc=" . time());
} else {
$this->writeLogFile($this->_getParam("username"), $e->getMessage());
Logger::info("Login Exception" . $e);
$this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
$this->getResponse()->sendResponse();
exit;
}
}
$this->_redirect("/admin/?_dc=" . time());
}
public static function create($username, $password, $type = SESSION_REGULAR, $algo = 'sha512')
{
$username = trim($username);
if (User::getByName($username)) {
return false;
}
$o = new User();
$o->name = $username;
$o->type = $type;
$o->time_created = sql_datetime(now());
$o->id = $o->store();
if (!$o->id) {
return false;
}
$session = SessionHandler::getInstance();
$o->password = Password::encrypt($o->id, $session->getEncryptKey(), $password, $algo);
$o->store();
// write again with password encoded using the user id
dp($session->getUsername() . ' created user ' . $username . ' (' . $o->id . ') of type ' . $type);
return $o->id;
}
/**
* @return void
*/
public function save()
{
if (!$this->getUser() instanceof User) {
if ($this->getUserId()) {
$this->user = User::getById(intval($this->getUserId()));
} else {
if ($this->getUsername()) {
$this->user = User::getByName($this->getUsername());
}
}
}
$this->setUserId($this->getUser()->getId());
$this->getResource()->save();
}
public function executeList()
{
$rss = $this->getRequestParameter('rss');
$object = $this->getRequestParameter('object');
$output = '';
$title = Tools::get('name');
$link = Tools::get('url');
$description = Tools::get('rss_desc');
$offset = $this->getRequestParameter('offset');
$limit = $this->getRequestParameter('limit');
if ($object == 'application') {
$title .= ' - Applications';
$user_id = $this->getRequestParameter('user_id');
if ($this->getRequestParameter('user_name')) {
$user_id = User::getByName($this->getRequestParameter('user_name'))->getId();
}
$q = new Doctrine_Query();
$q = $q->select('a.*')->from('Application a');
if ($user_id) {
$q = $q->addWhere('user_id = ?', array($user_id));
}
$q = $q->addWhere('approved = ?', array(true));
$q = $q->orderby('updated_at desc');
if ($limit) {
$q->limit($limit);
}
if ($offset) {
$q->offset($offset);
}
$applications = $q->execute();
if (!$rss) {
$output .= '<applications count="' . $applications->count() . '">';
}
foreach ($applications as $application) {
$output .= $application->getXML($rss);
}
if (!$rss) {
$output .= '</applications>';
}
} elseif ($object == 'comment') {
$title .= ' - Comments';
$user_id = $this->getRequestParameter('user_id');
if ($this->getRequestParameter('user_name')) {
$user_id = User::getByName($this->getRequestParameter('user_name'))->getId();
}
$application_id = $this->getRequestParameter('application_id');
$module_id = $this->getRequestParameter('module_id');
$theme_id = $this->getRequestParameter('theme_id');
$q = new Doctrine_Query();
$q = $q->select('c.*')->from('Comment c');
if ($user_id) {
$q = $q->addWhere('user_id = ?', array($user_id));
}
if ($application_id) {
$q = $q->addWhere('application_id = ?', array($application_id));
}
if ($module_id) {
$q = $q->addWhere('madule_id = ?', array($module_id));
}
if ($theme_id) {
$q = $q->addWhere('theme_id = ?', array($theme_id));
}
$q = $q->orderby('updated_at desc');
if ($limit) {
$q->limit($limit);
}
if ($offset) {
$q->offset($offset);
}
$comments = $q->execute();
if (!$rss) {
$output .= '<comments count="' . $comments->count() . '">';
}
foreach ($comments as $comment) {
$output .= $comment->getXML($rss);
}
if (!$rss) {
$output .= '</comments>';
}
} elseif ($object == 'module') {
$title .= ' - Modules';
$application_id = $this->getRequestParameter('application_id');
$user_id = $this->getRequestParameter('user_id');
if ($this->getRequestParameter('user_name')) {
$user_id = User::getByName($this->getRequestParameter('user_name'))->getId();
}
$q = new Doctrine_Query();
$q = $q->select('m.*')->from('Madule m');
if ($application_id) {
$q = $q->addWhere('application_id = ?', array($application_id));
}
if ($user_id) {
$q = $q->addWhere('user_id = ?', array($user_id));
}
$q = $q->addWhere('approved = ?', array(true));
$q = $q->orderby('updated_at desc');
if ($limit) {
$q->limit($limit);
}
if ($offset) {
$q->offset($offset);
}
$modules = $q->execute();
if (!$rss) {
$output .= '<modules count="' . $modules->count() . '">';
}
foreach ($modules as $module) {
$output .= $module->getXML($rss);
}
if (!$rss) {
$output .= '</modules>';
}
} elseif ($object == 'theme') {
$title .= ' - Themes';
$user_id = $this->getRequestParameter('user_id');
if ($this->getRequestParameter('user_name')) {
$user_id = User::getByName($this->getRequestParameter('user_name'))->getId();
}
$theme_group_id = $this->getRequestParameter('theme_group_id');
if ($this->getRequestParameter('theme_group_title')) {
$theme_group_id = ThemeGroup::getByTitle($this->getRequestParameter('theme_group_title'))->getId();
}
if ($this->getRequestParameter('theme_group_name')) {
$theme_group_id = ThemeGroup::getByName($this->getRequestParameter('theme_group_name'))->getId();
}
$application_id = $this->getRequestParameter('application_id');
$module_id = $this->getRequestParameter('module_id');
$q = new Doctrine_Query();
$q = $q->select('t.*')->from('Theme t');
if ($application_id) {
$q = $q->addWhere('t.id IN (SELECT ttg.theme_id from ThemeThemeGroup ttg where ttg.theme_group_id IN ' . '(SELECT ag.theme_group_id FROM ApplicationThemeGroup ag where ag.application_id = ?))', array($application_id));
} elseif ($module_id) {
$q = $q->addWhere('t.id IN (SELECT ttg.theme_id from ThemeThemeGroup ttg where ttg.theme_group_id IN ' . '(SELECT mg.theme_group_id FROM MaduleThemeGroup mg where mg.madule_id = ?))', array($module_id));
} elseif ($theme_group_id) {
$q = $q->innerJoin('t.ThemeThemeGroups ttg')->addWhere('ttg.theme_group_id = ?', array($theme_group_id));
}
if ($user_id) {
$q = $q->addWhere('user_id = ?', array($user_id));
}
$q = $q->addWhere('approved = ?', array(true));
$q = $q->orderby('updated_at desc');
if ($limit) {
$q->limit($limit);
}
if ($offset) {
$q->offset($offset);
}
$themes = $q->execute();
if (!$rss) {
$output .= '<themes count="' . $themes->count() . '">';
}
foreach ($themes as $theme) {
$output .= $theme->getXML($rss);
}
if (!$rss) {
$output .= '</themes>';
}
} elseif ($object == 'theme_group') {
$title .= ' - Theme Groups';
$theme_id = $this->getRequestParameter('theme_id');
$q = new Doctrine_Query();
$q = $q->select('t.*')->from('ThemeGroup t');
if ($theme_id) {
$q = $q->innerJoin('t.ThemeThemeGroups ttg')->addWhere('ttg.theme_id = ? and t.known = ?', array($theme_id, true));
}
$q = $q->orderby('updated_at desc');
if ($limit) {
$q->limit($limit);
}
if ($offset) {
$q->offset($offset);
}
$themeGroups = $q->execute();
if (!$rss) {
$output .= '<theme_groups count="' . $themeGroups->count() . '">';
}
foreach ($themeGroups as $themeGroup) {
$output .= $themeGroup->getXML($rss);
}
if (!$rss) {
$output .= '</theme_groups>';
}
} elseif ($object == 'user') {
$title .= ' - Users';
$q = new Doctrine_Query();
$q = $q->select('u.*')->from('User u')->orderby('updated_at desc');
if ($limit) {
$q->limit($limit);
}
if ($offset) {
$q->offset($offset);
}
$users = $q->execute();
if (!$rss) {
$output .= '<users count="' . $users->count() . '">';
}
foreach ($users as $user) {
$output .= $user->getXML($rss);
}
if (!$rss) {
$output .= '</users>';
}
}
if ($rss) {
$this->output = '<rss version="2.0">' . '<channel>' . '<title>' . $title . '</title>' . '<link>' . $link . '</link>' . '<description>' . $description . '</description>' . '<generator>' . $title . '</generator>' . $output . '</channel>' . '</rss>';
} else {
$this->output = '<rsp stat="ok">' . $output . '</rsp>';
}
$this->setTemplate('index');
}
public function testDeleteUser()
{
$user = User::create(array("parentId" => 0, "username" => "dummy", "password" => md5(time()), "hasCredentials" => true, "active" => true));
unset($user);
$user = User::getByName("dummy");
$user->delete();
unset($user);
$user = User::getByName("dummy");
$this->assertFalse($user);
}
/**
* @static
* @throws Exception
* @param string $username
* @param string $token
* @param bool $adminRequired
* @return User
*/
public static function tokenAuthentication($username, $token, $algorithm, $mode, $adminRequired = false)
{
$user = User::getByName($username);
if (!$user instanceof User) {
throw new Exception("invalid username");
} else {
if (!$user->isActive()) {
throw new Exception("user inactive");
} else {
if ($adminRequired and !$user->isAdmin()) {
throw new Exception("no permission");
}
}
}
$passwordHash = $user->getPassword();
$decrypted = Pimcore_Tool_Authentication::decrypt($passwordHash, $token, $algorithm, $mode);
$timestamp = $decrypted[0];
$timeZone = date_default_timezone_get();
date_default_timezone_set("UTC");
if ($timestamp > time() or $timestamp < time() - 60 * 30) {
throw new Exception("invalid timestamp");
}
date_default_timezone_set($timeZone);
return $user;
}
$user->getAll();
});
$app->get('/users/:id', function ($id) use($user) {
$user->getById($id);
});
$app->get('/users/:id/friends', function ($id) use($user) {
$user->getFriends($id);
});
$app->get('/users/:id/score', function ($id) use($user) {
$user->getScore($id);
});
$app->get('/users/:id/rewards', function ($id) use($user) {
$user->getRewards($id);
});
$app->get('/users/search/:name', function ($name) use($user) {
$user->getByName($name);
});
$app->delete('/users/:id', function ($id) use($user) {
$user->delete($id);
});
$app->post('/users', function () use($user, $app) {
$request = $app->request();
$body = $request->getBody();
$vo = json_decode($body);
$user->insert($vo);
});
$app->put('/users/:id', function ($id) use($user, $app) {
$request = $app->request();
$body = $request->getBody();
$vo = json_decode($body);
$vo->facebook_user_id = $id;
<?php
include 'configs/configs.php';
session_start();
$name = $_SESSION["name"];
//echo $name;
$detailAccount = User::getByName($name);
//print_r($detailAccount);
$smarty->assign('detailAcc', $detailAccount);
$smarty->display('account.tpl');
$user->logout();
}
redirect();
}
// if user is already logged in,
// to index since we didn't provide such a link
if ($has_login) {
redirect();
// to index
}
$username = _post('username');
$password = _post('password');
$msg = '';
if ($by_post) {
if (User::check($username, $password)) {
$user = User::getByName($username);
$user->login();
$type = strtolower($user->type);
${$type} = $user->instance();
$back_url = _get('back_url') ?: DEFAULT_LOGIN_REDIRECT_URL;
switch ($user->type) {
case 'SuperAdmin':
$back_url = 'user';
break;
case 'Admin':
case 'Customer':
break;
default:
throw new Exception("unkonwn user type: {$user}->{$type}");
break;
}
<?php
include 'configs/configs.php';
//---Thuc hien cap nhat, goi ham cap nhat va gan cac gia tri
if (isset($_POST['Name'])) {
echo $pass = $_POST['Pass'];
echo $ID = $_POST['ID'];
echo $email = $_POST['eMail'];
echo $isAdmin = $_POST['isAdmin'];
echo $name = $_POST['Name'];
$newUser = new User();
$newUser->ID = $ID;
$newUser->userName = $name;
$newUser->passWord = $pass;
$newUser->eMail = $email;
$newUser->isAdmin = $isAdmin;
$newUser->Update();
header('location: manageuser.php');
} else {
//--Nếu tồn tại giá trị của user thì hiện ra bảng sửa thông tin người dùng,
$name = $_POST['search'];
$newUser = User::getByName($name);
//print_r($newUser);
//$a=$newUser[0]->userName;
//echo $a;
$smarty->assign('newUser', $newUser);
$smarty->display('edituser.tpl');
}
function login()
{
//$user = new Album($this->db);
$post = json_decode($this->f3->get('BODY'), true);
//$album->AlbumName = $this->f3->get('POST.AlbumName');
$username = $post['UserName'];
$password = $post['UserPassword'];
$user = new User($this->db);
$user->getByName($username);
if ($user->dry()) {
echo $this->utils->errorResponse('Username or Password Incorrect');
}
if (password_verify($password, $user->UserPassword)) {
$token = $this->getToken($user->UserID, $user->UserName, $user->UserRole);
} else {
echo $this->utils->errorResponse('Username or Password Incorrect');
}
return $token;
}
function handleEditUsername($p)
{
$p['new_user'] = trim($p['new_user']);
$error = ErrorHandler::getInstance();
$session = SessionHandler::getInstance();
// dont put empty names or current username on request queue
if (!$p['new_user'] || $p['new_user'] == $session->username) {
$error->add('Useless request');
return false;
}
if (User::getByName($p['new_user'])) {
$error->add('Username taken');
return false;
}
if (ReservedWord::isReservedUsername($p['new_user'])) {
$error->add('Username is reserved');
return false;
}
// put request on queue for admins
ModerationObject::add(MODERATE_CHANGE_USERNAME, $p['new_user']);
echo '<div class="good">Your request for username change have been submitted and will be handled soon!</div>';
}
/**
* Handles logins
*
* @param $username
* @param $pwd
* @return true on success
*/
function login($username, $pwd, $type = SESSION_REGULAR)
{
$error = ErrorHandler::getInstance();
if (!$this->allow_logins) {
$error->add('Logins currently not allowed.');
return false;
}
$username = trim($username);
$pwd = trim($pwd);
switch ($type) {
case SESSION_REGULAR:
$user = User::getByName($username);
break;
case SESSION_FACEBOOK:
$user = new FacebookUser($username);
break;
default:
throw new \Exception('hmm ' . $type);
}
if (!$user || !$user->id) {
$error->add('Login failed - user not found1');
return false;
}
$x = User::getExact($type, $user->id, $username, $pwd);
if (!$x) {
dp('Failed login attempt: username ' . $username);
$error->add('Login failed - user not found2');
return false;
}
$this->id = $user->id;
$this->ip = client_ip();
$this->username = $username;
$this->type = $type;
$this->usermode = UserGroupHandler::getUserLevel($user->id);
if ($this->usermode >= USERLEVEL_WEBMASTER) {
$this->isWebmaster = true;
}
if ($this->usermode >= USERLEVEL_ADMIN) {
$this->isAdmin = true;
}
if ($this->usermode >= USERLEVEL_SUPERADMIN) {
$this->isSuperAdmin = true;
}
$q = 'UPDATE tblUsers SET time_last_login = NOW(), time_last_active = NOW(), last_ip = ?' . ' WHERE id = ?';
Sql::pUpdate($q, 'si', client_ip(), $this->id);
LoginEntry::add($this->id, client_ip(), $_SERVER['HTTP_USER_AGENT']);
$_SESSION['id'] = $this->id;
$_SESSION['username'] = $this->username;
$_SESSION['usermode'] = $this->usermode;
$_SESSION['isWebmaster'] = $this->isWebmaster;
$_SESSION['isAdmin'] = $this->isAdmin;
$_SESSION['isSuperAdmin'] = $this->isSuperAdmin;
$_SESSION['referer'] = $this->referer;
$_SESSION['ip'] = $this->ip;
$_SESSION['type'] = $this->type;
$_SESSION['last_active'] = time();
session_write_close();
dp($this->username . ' logged in from ' . $this->ip);
$error->reset();
// remove previous errors
return true;
}
<?php
/**
* 注册页面
* @author 潘洪学 panliu888@gmail.com
* @create_date 2011-10
*/
include_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'init.php';
if (Passport::IsLogin()) {
redirect('index.php');
}
if (Request::IsPost()) {
$fields = $_POST['f'];
if (validate($fields)) {
$user = new User();
$ret = $user->getByName($fields['username']);
$TEMPLATE['error'] = array();
if ($ret) {
$TEMPLATE['error']['username'] = '******';
} else {
$tableInfo = array('username' => $fields['username'], 'password' => md5($fields['password']), 'type' => $user->totals() == 0 ? 1 : 0, 'reg_date' => time(), 'last_login' => time());
$newid = $user->insertIgnore($tableInfo);
if ($newid) {
$ret = Passport::WriteCookie($newid, $tableInfo['username'], $tableInfo['type']);
$return_url = get_returnurl('index.php');
$wt_open = new WTOpen();
$cbs = $wt_open->getCallbackList();
$scripts = '';
if (count($cbs) > 0) {
$token = http_build_query($ret);
foreach ($cbs as $value) {
//管理员
}
}
exit;
}
if (isset($_POST['login'])) {
require_once dirname(dirname(__FILE__)) . '/lib/cls_captcha.php';
/* $validator = new captcha();
if (!$validator->check_word($_POST['captcha']))
{
echo "<script>alert('captcha error!');history.back();</script>";
exit;
}*/
//
$bRet = User::checkLogin($_POST['userId'], $_POST['pwd']);
$rank = User::getByName($_POST['userId']);
if ($bRet == true) {
if ($rank['F_RANK'] == 1 || $rank['F_RANK'] == 3) {
$arrayList = array(date('Y-m-d H:i:s', time()), date('Y-m-d H:i:s', time()), $_SERVER['REMOTE_ADDR'], $_POST['userId']);
$bRet = User::updataStatus($arrayList);
if ($bRet == true) {
//获取待处理的箱门
$waitDeal = DataDetails::getNeedData();
//获取处理完成的箱门
$dealed = DataDetails::getDealed();
//获取处理的历时记录
$hisDeal = DataDetails::getHistoryDeal();
$_SESSION['userId'] = $_POST['userId'];
$smarty->assign("waitDeal", $waitDeal);
$smarty->assign("dealed", $dealed);
$smarty->assign("hisDeal", array_slice($hisDeal, 0, 25));
test(1, 1, 'test for 1 === 1');
begin_test();
$username = '******';
$password = '******';
$realname = '小池';
$phone = '13711231212';
$email = '*****@*****.**';
$info = compact('username', 'password', 'realname', 'phone', 'email');
$customer = Customer::create($info);
test(1, 1, array('name' => 'register Customer, db'));
begin_test();
test(User::check($username, $password), true, array('name' => 'User::check($username, $password)'));
begin_test();
$username = '******';
$password = '******';
$user = User::getByName('root');
$superadmin = $user->instance();
$admin = $superadmin->createAdmin(compact('username', 'password'));
$ideal_arr = array('name' => $username, 'password' => md5($password), 'type' => 'Admin');
$id = Pdb::lastInsertId();
$real_arr = Pdb::fetchRow('name, password, type', User::$table, array('id=?' => $id));
test($real_arr, $ideal_arr, array('name' => 'Super Admin create Admin, db'));
begin_test();
$prd_types = Product::types();
$info = array('name' => '唯爱心形群镶女戒_test', 'type' => reset(array_keys($prd_types)), 'material' => json_encode(array('PT950', '白18K金', '黄18K金', '红18K金')), 'rabbet_start' => '0.30', 'rabbet_end' => '0.60', 'weight' => 9, 'small_stone' => 3, 'st_weight' => 2.1, 'images' => array('400' => array('/test/static/img/i400-1.jpg', '/test/static/img/i400-2.jpg', '/test/static/img/i400-3.jpg'), 'thumb' => array('/test/static/img/i80-1.jpg', '/test/static/img/i80-2.jpg', '/test/static/img/i80-3.jpg')));
$product = Product::create($info);
test(1, 1, array('name' => 'Admin post Product, db'));
begin_test();
$address = $customer->defaultAddress();
$address->edit(array('name' => '小池', 'phone' => '14722320989', 'detail' => '深圳罗湖区田贝'));
test(1, 1, array('name' => 'edit Address'));
